A Tor Vulnerability May Have Enabled Dark Web Bitcoin Theft

Published at: Aug. 11, 2020

According to recently published research, an attacker has found vulnerabilities in the Tor browser network that might have allowed them to steal Bitcoin (BTC) from users. Tor was developed by the U.S. government for anonymous internet communication and has since been adopted by privacy advocates. Because of its privacy-preserving features, it is also popular with the denizens of the Dark Web. Many in the crypto community rely on Tor, entrusting their Bitcoin transactions to its security and anonymity.

Confirmed malicious Tor exit capacity controlled by a malicious player. Source: nusenu.

However, according to nusenu, who discovered this attack, this might not be a good choice. Tor protects user anonymity by routing data through a number of relays. Tor exit relays are the last hop in this process, and the only ones that get to see the actual destination of the Tor user. Starting in January, a malicious party allegedly began running a large number of Tor exit relays, peaking at 23% of the total in May.

The malicious Tor exit relays were performing what is known as a “person-in-the-middle” attack:

“They perform person-in-the-middle attacks on Tor users by manipulating traffic as it flows through their exit relays. They (selectively) remove HTTP-to-HTTPS redirects to gain full access to plain unencrypted HTTP traffic without causing TLS certificate warnings.”

This is a known vulnerability, and countermeasures are available, but many website operators do not implement them. According to nusenu, the attackers focused primarily on cryptocurrency-related sites. They would replace a user’s Bitcoin address with their own, routing the coins to their own wallets:

“It appears that they are primarily after cryptocurrency related websites — namely multiple bitcoin mixer services. They replaced bitcoin addresses in HTTP traffic to redirect transactions to their wallets instead of the user provided bitcoin address.”
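The redirect stripping described above works only while the browser is still willing to send its first request to a site over plain HTTP. The standard site-side countermeasure is HTTP Strict Transport Security (HSTS, RFC 6797), which the article does not name. The following is an added example, not code from nusenu's research or from the article, that classifies a site's exposure from its HTTP and HTTPS response headers; the host names and responses are constructed samples.

```python
ONE_YEAR = 31536000  # seconds; minimum max-age browser preload lists require


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a policy dict."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def stripping_exposure(http_resp, https_resp):
    """Classify exposure to redirect stripping by an on-path relay.

    Each response is a (status, headers) tuple with lower-cased header names.
    HSTS is read from the HTTPS response only: browsers ignore it over HTTP.
    """
    status, headers = http_resp
    location = headers.get("location", "").lower()
    if status not in (301, 302, 307, 308) or not location.startswith("https://"):
        return "no-redirect"        # site serves plain HTTP; nothing to strip
    hsts = https_resp[1].get("strict-transport-security")
    policy = parse_hsts(hsts) if hsts else None
    if not policy or not policy["max_age"]:   # missing, malformed or max-age=0
        return "redirect-only"      # every visit starting on http:// is strippable
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= ONE_YEAR):
        return "preload-eligible"   # can be upgraded before the first request
    return "hsts"                   # only first visit / post-expiry is strippable


# Constructed sample responses (hypothetical hosts, not captured traffic).
SAMPLES = {
    "mixer-a.example": ((301, {"location": "https://mixer-a.example/"}), (200, {})),
    "mixer-b.example": ((301, {"location": "https://mixer-b.example/"}),
                        (200, {"strict-transport-security": "max-age=86400"})),
    "mixer-c.example": ((308, {"location": "https://mixer-c.example/"}),
                        (200, {"strict-transport-security":
                               "max-age=63072000; includeSubDomains; preload"})),
    "mixer-d.example": ((200, {}), (200, {})),
}

if __name__ == "__main__":
    for host, (http_resp, https_resp) in SAMPLES.items():
        print(f"{host}: {stripping_exposure(http_resp, https_resp)}")
```

"preload-eligible" means only that the header meets the preload list's requirements; the domain still has to be submitted to and shipped in the browser's preload list before the first-visit gap closes.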

The number of relays controlled by the hacker has gone down to about 10% as of August. While the researcher has informed some affected Bitcoin services of the vulnerability, we do not know how much Bitcoin has already been stolen by the hackers.
